Privacy Policy
1.
An overview of data protection
General
information
The following information will
provide you with an easy to navigate overview of what will happen with your
personal data when you visit this website. The term “personal data” comprises
all data that can be used to personally identify you. For detailed information
about the subject matter of data protection, please consult our Data Protection
Declaration, which we have included beneath this copy.
Data
recording on this website
Who
is the responsible party for the recording of data on this website (i.e., the
“controller”)?
The data on this website is
processed by the operator of the website, whose contact information is
available under section “Information about the responsible party (referred to
as the “controller” in the GDPR)” in this Privacy Policy.
How
do we record your data?
We collect your data as a result of
your sharing of your data with us. This may, for instance be information you
enter into our contact form.
Other data shall be recorded by our
IT systems automatically or after you consent to its recording during your
website visit. This data comprises primarily technical information (e.g., web
browser, operating system, or time the site was accessed). This information is
recorded automatically when you access this website.
What
are the purposes we use your data for?
A portion of the information is
generated to guarantee the error free provision of the website. Other data may
be used to analyze your user patterns.
What
rights do you have as far as your information is concerned?
You have the right to receive
information about the source, recipients, and purposes of your archived
personal data at any time without having to pay a fee for such disclosures. You
also have the right to demand that your data are rectified or eradicated. If
you have consented to data processing, you have the option to revoke this
consent at any time, which shall affect all future data processing. Moreover,
you have the right to demand that the processing of your data be restricted
under certain circumstances. Furthermore, you have the right to log a complaint
with the competent supervising agency.
Please do not hesitate to contact
us at any time if you have questions about this or any other data protection
related issues.
2.
Hosting
We are hosting the content of our
website at the following provider:
External
Hosting
This website is hosted externally.
Personal data collected on this website are stored on the servers of the host.
These may include, but are not limited to, IP addresses, contact requests,
metadata and communications, contract information, contact information, names,
web page access, and other data generated through a web site.
The external hosting serves the
purpose of fulfilling the contract with our potential and existing customers
(Art. 6(1)(b) GDPR) and in the interest of secure, fast, and efficient
provision of our online services by a professional provider (Art. 6(1)(f) GDPR).
If appropriate consent has been obtained, the processing is carried out
exclusively on the basis of Art. 6 (1)(a) GDPR and § 25 (1) TDDDG, insofar the
consent includes the storage of cookies or the access to information in the
user’s end device (e.g., device fingerprinting) within the meaning of the
TDDDG. This consent can be revoked at any time.
Our host(s) will only process your
data to the extent necessary to fulfil its performance obligations and to
follow our instructions with respect to such data.
We are using the following host(s):
ecotel communication ag
Prinzenallee 11
40549 Düsseldorf
Data
processing
We have concluded a data processing
agreement (DPA) for the use of the above-mentioned service. This is a contract
mandated by data privacy laws that guarantees that they process personal data
of our website visitors only based on our instructions and in compliance with
the GDPR.
3.
General information and mandatory information
Data
protection
The operators of this website and
its pages take the protection of your personal data very seriously. Hence, we
handle your personal data as confidential information and in compliance with
the statutory data protection regulations and this Data Protection Declaration.
Whenever you use this website, a
variety of personal information will be collected. Personal data comprises data
that can be used to personally identify you. This Data Protection Declaration
explains which data we collect as well as the purposes we use this data for. It
also explains how, and for which purpose the information is collected.
We herewith advise you that the
transmission of data via the Internet (i.e., through e-mail communications) may
be prone to security gaps. It is not possible to completely protect data
against third-party access.
Information
about the responsible party (referred to as the “controller” in the GDPR)
The data processing controller on
this website is:
Metalux Metallveredelung GmbH
Sportplatzweg 20
68804 Altlußheim
Phone: +49 6205-390-0
E-mail: info@metalux.de
The controller is the natural
person or legal entity that single-handedly or jointly with others makes
decisions as to the purposes of and resources for the processing of personal
data (e.g., names, e-mail addresses, etc.).
Storage
duration
Unless a more specific storage
period has been specified in this privacy policy, your personal data will
remain with us until the purpose for which it was collected no longer applies.
If you assert a justified request for deletion or revoke your consent to data
processing, your data will be deleted, unless we have other legally permissible
reasons for storing your personal data (e.g., tax or commercial law retention
periods); in the latter case, the deletion will take place after these reasons
cease to apply.
General
information on the legal basis for the data processing on this website
If you have consented to data
processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or
Art. 9 (2)(a) GDPR, if special categories of data are processed according to
Art. 9 (1) DSGVO. In the case of explicit consent to the transfer of personal
data to third countries, the data processing is also based on Art. 49 (1)(a)
GDPR. If you have consented to the storage of cookies or to the access to
information in your end device (e.g., via device fingerprinting), the data
processing is additionally based on § 25 (1) TDDDG. The consent can be revoked
at any time. If your data is required for the fulfillment of a contract or for
the implementation of pre-contractual measures, we process your data on the
basis of Art. 6(1)(b) GDPR. Furthermore, if your data is required for the
fulfillment of a legal obligation, we process it on the basis of Art. 6(1)(c)
GDPR. Furthermore, the data processing may be carried out on the basis of our
legitimate interest according to Art. 6(1)(f) GDPR. Information on the relevant
legal basis in each individual case is provided in the following paragraphs of
this privacy policy.
Designation
of a data protection officer
We have appointed a data protection
officer.
dacuro GmbH
Thomas Stegemann
Otto-Hahn-Str. 3
69190 Walldorf
E-mail: datenschutz@metalux.de
Recipients
of personal data
In the scope of our business
activities, we cooperate with various external parties. In some cases, this
also requires the transfer of personal data to these external parties. We only
disclose personal data to external parties if this is required as part of the
fulfillment of a contract, if we are legally obligated to do so (e.g.,
disclosure of data to tax authorities), if we have a legitimate interest in the
disclosure pursuant to Art. 6 (1)(f) GDPR, or if another legal basis permits
the disclosure of this data. When using processors, we only disclose personal
data of our customers on the basis of a valid contract on data processing. In
the case of joint processing, a joint processing agreement is concluded.
Revocation
of your consent to the processing of data
A wide range of data processing
transactions are possible only subject to your express consent. You can also
revoke at any time any consent you have already given us. This shall be without
prejudice to the lawfulness of any data collection that occurred prior to your
revocation.
Right
to object to the collection of data in special cases; right to object to direct
advertising (Art. 21 GDPR)
IN THE EVENT THAT DATA ARE
PROCESSED ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO AT
ANY TIME OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA BASED ON GROUNDS
ARISING FROM YOUR UNIQUE SITUATION. THIS ALSO APPLIES TO ANY PROFILING BASED ON
THESE PROVISIONS. TO DETERMINE THE LEGAL BASIS, ON WHICH ANY PROCESSING OF DATA
IS BASED, PLEASE CONSULT THIS DATA PROTECTION DECLARATION. IF YOU LOG AN
OBJECTION, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE ARE
IN A POSITION TO PRESENT COMPELLING PROTECTION WORTHY GROUNDS FOR THE
PROCESSING OF YOUR DATA, THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR
IF THE PURPOSE OF THE PROCESSING IS THE CLAIMING, EXERCISING OR DEFENCE OF
LEGAL ENTITLEMENTS (OBJECTION PURSUANT TO ART. 21(1) GDPR).
IF YOUR PERSONAL DATA IS BEING
PROCESSED IN ORDER TO ENGAGE IN DIRECT ADVERTISING, YOU HAVE THE RIGHT TO
OBJECT TO THE PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE PURPOSES OF
SUCH ADVERTISING AT ANY TIME. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT
IT IS AFFILIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL
DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES
(OBJECTION PURSUANT TO ART. 21(2) GDPR).
Right
to log a complaint with the competent supervisory agency
In the event of violations of the
GDPR, data subjects are entitled to log a complaint with a supervisory agency,
in particular in the member state where they usually maintain their domicile,
place of work or at the place where the alleged violation occurred. The right
to log a complaint is in effect regardless of any other administrative or court
proceedings available as legal recourses.
Right
to data portability
You have the right to have data
that we process automatically on the basis of your consent or in fulfillment of
a contract handed over to you or to a third party in a common, machine-readable
format. If you should demand the direct transfer of the data to another
controller, this will be done only if it is technically feasible.
Information
about, rectification and eradication of data
Within the scope of the applicable
statutory provisions, you have the right to demand information about your
archived personal data, their source and recipients as well as the purpose of
the processing of your data at any time. You may also have a right to have your
data rectified or eradicated. If you have questions about this subject matter
or any other questions about personal data, please do not hesitate to contact
us at any time.
Right
to demand processing restrictions
You have the right to demand the
imposition of restrictions as far as the processing of your personal data is
concerned. To do so, you may contact us at any time. The right to demand
restriction of processing applies in the following cases:
- In the event that you should dispute the correctness of your data
archived by us, we will usually need some time to verify this claim.
During the time that this investigation is ongoing, you have the right to
demand that we restrict the processing of your personal data. - If the processing of your personal data was/is conducted in an
unlawful manner, you have the option to demand the restriction of the
processing of your data instead of demanding the eradication of this data. - If we do not need your personal data any longer and you need it to
exercise, defend or claim legal entitlements, you have the right to demand
the restriction of the processing of your personal data instead of its
eradication. - If you have raised an objection pursuant to Art. 21(1) GDPR, your
rights and our rights will have to be weighed against each other. As long
as it has not been determined whose interests prevail, you have the right
to demand a restriction of the processing of your personal data.
If you have restricted the
processing of your personal data, these data – with the exception of their
archiving – may be processed only subject to your consent or to claim, exercise
or defend legal entitlements or to protect the rights of other natural persons
or legal entities or for important public interest reasons cited by the
European Union or a member state of the EU.
SSL
and/or TLS encryption
For security reasons and to protect
the transmission of confidential content, such as purchase orders or inquiries
you submit to us as the website operator, this website uses either an SSL or a
TLS encryption program. You can recognize an encrypted connection by checking
whether the address line of the browser switches from “http://” to “https://”
and also by the appearance of the lock icon in the browser line.
If the SSL or TLS encryption is
activated, data you transmit to us cannot be read by third parties.
Rejection
of unsolicited e-mails
We herewith object to the use of
contact information published in conjunction with the mandatory information to
be provided in our Site Notice to send us promotional and information material
that we have not expressly requested. The operators of this website and its
pages reserve the express right to take legal action in the event of the
unsolicited sending of promotional information, for instance via SPAM messages.
4.
Recording of data on this website
Cookies
Our websites and pages use what the
industry refers to as “cookies.” Cookies are small data packages that do not
cause any damage to your device. They are either stored temporarily for the
duration of a session (session cookies) or they are permanently archived on
your device (permanent cookies). Session cookies are automatically deleted once
you terminate your visit. Permanent cookies remain archived on your device
until you actively delete them, or they are automatically eradicated by your
web browser.
Cookies can be issued by us
(first-party cookies) or by third-party companies (so-called third-party
cookies). Third-party cookies enable the integration of certain services of
third-party companies into websites (e.g., cookies for handling payment services).
Cookies have a variety of
functions. Many cookies are technically essential since certain website
functions would not work in the absence of these cookies (e.g., the shopping
cart function or the display of videos). Other cookies may be used to analyze user
behavior or for promotional purposes.
Cookies, which are required for the
performance of electronic communication transactions, for the provision of
certain functions you want to use (e.g., for the shopping cart function) or
those that are necessary for the optimization (required cookies) of the website
(e.g., cookies that provide measurable insights into the web audience), shall
be stored on the basis of Art. 6(1)(f) GDPR, unless a different legal basis is
cited. The operator of the website has a legitimate interest in the storage of
required cookies to ensure the technically error-free and optimized provision
of the operator’s services. If your consent to the storage of the cookies and
similar recognition technologies has been requested, the processing occurs
exclusively on the basis of the consent obtained (Art. 6(1)(a) GDPR and § 25
(1) TDDDG); this consent may be revoked at any time.
You have the option to set up your
browser in such a manner that you will be notified any time cookies are placed
and to permit the acceptance of cookies only in specific cases. You may also
exclude the acceptance of cookies in certain cases or in general or activate
the delete-function for the automatic eradication of cookies when the browser
closes. If cookies are deactivated, the functions of this website may be
limited.
Which cookies and services are used
on this website can be found in this privacy policy.
Consent
with Complianz
Our website uses Complianz’s
consent technology to obtain your consent to store certain cookies on your
device or for the use of certain technologies and to document this consent in a
manner compliant with data protection regulations. The provider of this
technology is Complianz B.V., Kalmarweg 14-5, 9723 JG Groningen, the
Netherlands (hereinafter “Complianz”).
Complianz is hosted on our servers,
so no connection to the servers of the provider of Complianz is established.
Complianz stores a cookie in your browser in order to be able to allocate the
consents granted to you or their revocation. The data collected in this way is
stored until you request us to delete it, delete the Complianz cookie yourself
or until the purpose for storing the data no longer applies. Mandatory legal
storage obligations remain unaffected.
Complianz serves to obtain the
legally required consent for the use of cookies. The legal basis for this is
Art. 6(1)(c) GDPR.
Server
log files
The provider of this website and
its pages automatically collects and stores information in so-called server log
files, which your browser communicates to us automatically. The information
comprises:
- The type and version of browser used
- The used operating system
- Referrer URL
- The hostname of the accessing computer
- The time of the server inquiry
- The IP address
This data is not merged with other
data sources.
This data is recorded on the basis
of Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest in
the technically error free depiction and the optimization of the operator’s
website. In order to achieve this, server log files must be recorded.
Request
by e-mail, telephone, or fax
If you contact us by e-mail,
telephone or fax, your request, including all resulting personal data (name,
request) will be stored and processed by us for the purpose of processing your
request. We do not pass these data on without your consent.
These data are processed on the
basis of Art. 6(1)(b) GDPR if your inquiry is related to the fulfillment of a
contract or is required for the performance of pre-contractual measures. In all
other cases, the data are processed on the basis of our legitimate interest in
the effective handling of inquiries submitted to us (Art. 6(1)(f) GDPR) or on
the basis of your consent (Art. 6(1)(a) GDPR) if it has been obtained; the
consent can be revoked at any time.
The data sent by you to us via
contact requests remain with us until you request us to delete, revoke your
consent to the storage or the purpose for the data storage lapses (e.g. after
completion of your request). Mandatory statutory provisions – in particular
statutory retention periods – remain unaffected.
5.
Plug-ins and Tools
Google
Fonts (local embedding)
This website uses so-called Google
Fonts provided by Google to ensure the uniform use of fonts on this site. These
Google fonts are locally installed so that a connection to Google’s servers
will not be established in conjunction with this application.
For more information on Google
Fonts, please follow this link: https://developers.google.com/fonts/faq and consult Google’s Data Privacy Declaration
under: https://policies.google.com/privacy?hl=en.
Google
Maps
This website uses the mapping
service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon
House, Barrow Street, Dublin 4, Ireland. With the means of this service, we can
integrate map material on our website.
To enable the use of the Google
Maps features, your IP address must be stored. As a rule, this information is
transferred to one of Google’s servers in the United States, where it is
archived. The operator of this website has no control over the data transfer.
In case Google Maps has been activated, Google has the option to use Google
Fonts for the purpose of the uniform depiction of fonts. When you access Google
Maps, your browser will load the required web fonts into your browser cache, to
correctly display text and fonts.
We use Google Maps to present our
online content in an appealing manner and to make the locations disclosed on
our website easy to find. This constitutes a legitimate interest as defined in
Art. 6(1)(f) GDPR. If appropriate consent has been obtained, the processing is
carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG,
insofar the consent includes the storage of cookies or the access to
information in the user’s end device (e.g., device fingerprinting) within the
meaning of the TDDDG. This consent can be revoked at any time.
Data transmission to the US is
based on the Standard Contractual Clauses (SCC) of the European Commission.
Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
For more information on the
handling of user data, please review Google’s Data Privacy Declaration
under: https://policies.google.com/privacy?hl=en.
The company is certified in
accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an
agreement between the European Union and the US, which is intended to ensure
compliance with European data protection standards for data processing in the
US. Every company certified under the DPF is obliged to comply with these data
protection standards. For more information, please contact the provider under
the following link: https://www.dataprivacyframework.gov/participant/5780.
6.
Online-based Audio and Video Conferences (Conference tools)
Data
processing
We use online conference tools,
among other things, for communication with our customers. The tools we use are
listed in detail below. If you communicate with us by video or audio conference
using the Internet, your personal data will be collected and processed by the
provider of the respective conference tool and by us. The conferencing tools
collect all information that you provide/access to use the tools (email address
and/or your phone number). Furthermore, the conference tools process the
duration of the conference, start and end (time) of participation in the
conference, number of participants and other “context information” related to
the communication process (metadata).
Furthermore, the provider of the
tool processes all the technical data required for the processing of the online
communication. This includes, in particular, IP addresses, MAC addresses,
device IDs, device type, operating system type and version, client version,
camera type, microphone or loudspeaker and the type of connection.
Should content be exchanged,
uploaded, or otherwise made available within the tool, it is also stored on the
servers of the tool provider. Such content includes, but is not limited to,
cloud recordings, chat/ instant messages, voicemail uploaded photos and videos,
files, whiteboards, and other information shared while using the service.
Please note that we do not have
complete influence on the data processing procedures of the tools used. Our
possibilities are largely determined by the corporate policy of the respective
provider. Further information on data processing by the conference tools can be
found in the data protection declarations of the tools used, and which we have
listed below this text.
Purpose
and legal bases
The conference tools are used to
communicate with prospective or existing contractual partners or to offer
certain services to our customers (Art. 6(1)(b) GDPR). Furthermore, the use of
the tools serves to generally simplify and accelerate communication with us or
our company (legitimate interest in the meaning of Art. 6(1)(f) GDPR). Insofar
as consent has been requested, the tools in question will be used on the basis
of this consent; the consent may be revoked at any time with effect from that
date.
Duration
of storage
Data collected directly by us via
the video and conference tools will be deleted from our systems immediately
after you request us to delete it, revoke your consent to storage, or the
reason for storing the data no longer applies. Stored cookies remain on your
end device until you delete them. Mandatory legal retention periods remain
unaffected.
We have no influence on the
duration of storage of your data that is stored by the operators of the
conference tools for their own purposes. For details, please directly contact
the operators of the conference tools.
Conference
tools used
We employ the following conference
tools:
Microsoft
Teams
We use Microsoft Teams. The
provider is the Microsoft Ireland Operations Limited, One Microsoft Place,
South County Business Park, Leopardstown, Dublin 18, Ireland. For details on
data processing, please refer to the Microsoft Teams privacy policy: https://privacy.microsoft.com/en-us/privacystatement.
The company is certified in
accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an
agreement between the European Union and the US, which is intended to ensure
compliance with European data protection standards for data processing in the
US. Every company certified under the DPF is obliged to comply with these data
protection standards. For more information, please contact the provider under
the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000KzNaAAK&status=Active.
Data
processing
We have concluded a data processing
agreement (DPA) for the use of the above-mentioned service. This is a contract
mandated by data privacy laws that guarantees that they process personal data
of our website visitors only based on our instructions and in compliance with
the GDPR.
7.
Custom Services
Handling
applicant data
We offer website visitors the
opportunity to submit job applications to us (e.g., via e-mail, via postal
services on by submitting the online job application form). Below, we will
brief you on the scope, purpose and use of the personal data collected from you
in conjunction with the application process. We assure you that the collection,
processing, and use of your data will occur in compliance with the applicable
data privacy rights and all other statutory provisions and that your data will
always be treated as strictly confidential.
Scope
and purpose of the collection of data
If you submit a job application to
us, we will process any affiliated personal data (e.g., contact and
communications data, application documents, notes taken during job interviews,
etc.), if they are required to make a decision concerning the establishment or
an employment relationship. The legal grounds for the aforementioned are § 26
BDSG according to German Law (Negotiation of an Employment Relationship), Art.
6(1)(b) GDPR (General Contract Negotiations) and – provided you have given us
your consent – Art. 6(1)(a) GDPR. You may revoke any consent given at any time.
Within our company, your personal data will only be shared with individuals who
are involved in the processing of your job application.
If your job application should
result in your recruitment, the data you have submitted will be archived on the
grounds of § 26 BDSG and Art. 6(1)(b) GDPR for the purpose of implementing the
employment relationship in our data processing system.
Data
Archiving Period
If we are unable to make you a job
offer or you reject a job offer or withdraw your application, we reserve the
right to retain the data you have submitted on the basis of our legitimate
interests (Art. 6(1)(f) GDPR) for up to 6 months from the end of the
application procedure (rejection or withdrawal of the application). Afterwards
the data will be deleted, and the physical application documents will be
destroyed. The storage serves in particular as evidence in the event of a legal
dispute. If it is evident that the data will be required after the expiry of
the 6-month period (e.g., due to an impending or pending legal dispute),
deletion will only take place when the purpose for further storage no longer
applies.
Longer storage may also take place
if you have given your agreement (Article 6(1)(a) GDPR) or if statutory data
retention requirements preclude the deletion.